Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

SQL Injection Named Top Database Concern for SMBs in Recent Survey

GreenSQL, a company that SecurityWeek first met earlier this year during the RSA Conference, recently released the results of a poll that included more than 6,000 customers, IT administrators, DBAs, InfoSec practitioners, and consultants. The results, when focused on information security and database security, show that the majority fear SQL Injection vulnerabilities.

GreenSQL, a company that SecurityWeek first met earlier this year during the RSA Conference, recently released the results of a poll that included more than 6,000 customers, IT administrators, DBAs, InfoSec practitioners, and consultants. The results, when focused on information security and database security, show that the majority fear SQL Injection vulnerabilities.

The respondents were all in the SMB space, which is where most of the database breaches in 2011 came from, so it is natural that they are hyperaware of the threat. Thus, when 51% of them named SQL Injection attacks as a primary concern, either from external or internal sources, you could almost argue that this was expected.

Perhaps so, but SQL Injection remains the top method used by attackers in order to gain unauthorized access to data, and it has been a major attack vector for years, so awareness in situation is a lot like being close in a game of hand grenades.

In addition to SQL Injection, other data protection concerns expressed by the study’s respondents include internal threats (31%), such as unauthorized access, DBA errors, and data exposure to non-privileged users; and compliance (18%).

“In today’s environment, it isn’t a matter of whether you will be hacked, but when. Cybercriminals recognize that not only enterprises but also SMBs are especially vulnerable,” said GreenSQL CEO, Amir Sadeh.

“Databases contain the crown jewels of an organization, which means a break-in by insiders or outsiders can cost millions in fines, lawsuits, and customer attrition.”

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Raffi Joukhadarian has been named Managing Director and Chief Financial Officer at MorganFranklin Cyber.

Data security firm Rubrik has appointed Kavitha Mariappan as its Chief Transformation Officer.

DARPA veteran Dan Kaufman has joined Badge as SVP, AI and Cybersecurity.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.